Almost 13000 Affected by Recent Pharmacy Data Breaches

Three data breaches have been reported by pharmacy stores in the past two months, resulting in the PHI of almost 13,000 pharmacy customers being exposed or disclosed to unauthorized individuals.

Walmart Reports Breach of 4,800 Patients’ Data

Walmart stores recently announced that some of its online pharmacy customers may have had their names, addresses, date of births, and prescription histories exposed as a result of a coding error that was made while the company was migrating data between servers.

Between February 15 and February 18, 2015, online customers who logged into the company’s online pharmacy may have been able to view the data of other customers who logged in at the exact same time. No Social Security numbers or financial data were exposed as a result of the coding error.

Dan Toporek, a spokesperson for Walmart, said a few thousand individuals had been affected, although this is a small percentage of the number of individuals who used the company’s online pharmacy during the four-day stretch.

The data breach has now been reported to the Department of Health and Human Services’ Office for Civil Rights (OCR), with the breach report indicating 4,800 patients were affected. Toporek said there is no reason to believe that any data have been used inappropriately, although all customers who had their data exposed as a result of the error would be individually notified and offered identity protection services.

A burglary at Roark’s Pharmacy in Oneida, TN., in January has impacted 3,000 of the store’s customers. A hard drive containing customer prescription information and personal data was stolen by thieves who broke in to the pharmacy in the early hours of January 13. The break-in and theft was discovered four hours later when pharmacy owner, Terry Roark, arrived to open the store at 6:30am.

The thieves had taken all of the pharmacy’s narcotics, $400 in cash, and a computer hard drive containing the data of 3,000 customers. The thieves are understood to have broken in in order to steal narcotics, and took other items of value, including the hard drive. The thieves gained access to the building by sawing through the door and removing it from its hinges. While law enforcement officers have investigated the burglary and obtained CCTV footage from the service station next door, the DVR system linked to the pharmacy’s CCTV cameras was also stolen in the break-in. No suspects have been arrested.

5,000 Customers Affected by Locust Fork Pharmacy Data Breach

Locust Fork Pharmacy in Alabama has reported a security incident to the Office for Civil Rights that has affected 5,000 of its customers. The incident is listed as an “unauthorized access/disclosure”, although no further information has been made available about the incident.

About HIPAA Journal

HIPAA Journal provides the most comprehensive coverage of HIPAA news anywhere online, in addition to independent advice about HIPAA compliance and the best practices to adopt to avoid data breaches, HIPAA violations and regulatory fines. HIPAA Journal's goal is to assist HIPAA-covered entities achieve and maintain compliance with state and federal regulations governing the use, storage and disclosure of PHI and PII.